The SEI helps advance software engineering principles and practices and serves as a national resource in software engineering, computer security, and process improvement. The SEI works closely with defense and government organizations, industry, and academia to continually improve software-intensive systems. Its core purpose is to help organizations improve their software engineering capabilities and develop or acquire the right software, defect free, within budget and on time, every time.

Abstract

The safety, security, and resilience of international postal, shipping, and transportation critical infrastructure are vital to the global supply chain that enables worldwide commerce and communications. But security on an international scale continues to fail in the face of new threats. Owners and operators of critical postal, shipping, and transportation operations need new methods to identify, assess, and mitigate security risks and gaps in the most effective manner possible. The U.S. Postal Inspection Service, in collaboration with the Universal Postal Union (UPU) and the CERT® Division at Carnegie Mellon University’s Software Engineering Institute, developed a physical security assessment method to identify gaps in the security of international mail processing centers and similar shipping and transportation processing facilities. This assessment method and its associated field instrument are designed to be repeatable, cost effective, scalable, accurate, meaningful, and transparent. Since the method uses UPU standards as its reference, it may be used by the international community to evaluate the security of postal administrations around the world. The method also can be applied to other types of critical transportation services, such as metropolitan transit systems. This report describes the history, development approach, field experiences, and benefits of this method.